mirror of
https://github.com/bitwarden/server.git
synced 2024-11-24 12:35:25 +01:00
[PM-3561] Clean the return url of any whitespace (#3696)
* clean the return url of any whitespace * ReplaceWhiteSpace helper * tests for ReplaceWhiteSpace helper --------- Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
parent
7c4854f75a
commit
fc1d7c7059
@ -209,6 +209,8 @@ public class AccountController : Controller
|
||||
returnUrl = "~/";
|
||||
}
|
||||
|
||||
// Clean the returnUrl
|
||||
returnUrl = CoreHelpers.ReplaceWhiteSpace(returnUrl, string.Empty);
|
||||
if (!Url.IsLocalUrl(returnUrl) && !_interaction.IsValidReturnUrl(returnUrl))
|
||||
{
|
||||
throw new Exception(_i18nService.T("InvalidReturnUrl"));
|
||||
|
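Review bot: The new comment `// Clean the returnUrl` above the `ReplaceWhiteSpace` call does not say why the value is normalised or that the order matters: the whitespace has to be stripped before the `Url.IsLocalUrl` / `_interaction.IsValidReturnUrl` check so that the string that is validated is the same string that is used afterwards. I would spell that out, e.g. `// Strip all whitespace before validation so the checked value is exactly the value we redirect to`. The `\s+` pattern only covers whitespace, so other control characters and percent-encoded whitespace are, as far as this hunk shows, still left to the two validators. The enclosing action starts and ends outside the hunk, so whether every later use reads the cleaned `returnUrl` cannot be confirmed from here.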
@ -31,6 +31,7 @@ public static class CoreHelpers
|
||||
private static readonly DateTime _max = new DateTime(9999, 1, 1, 0, 0, 0, DateTimeKind.Utc);
|
||||
private static readonly Random _random = new Random();
|
||||
private static readonly string RealConnectingIp = "X-Connecting-IP";
|
||||
private static readonly Regex _whiteSpaceRegex = new Regex(@"\s+");
|
||||
|
||||
/// <summary>
|
||||
/// Generate sequential Guid for Sql Server.
|
||||
@ -868,4 +869,9 @@ public static class CoreHelpers
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
public static string ReplaceWhiteSpace(string input, string newValue)
|
||||
{
|
||||
return _whiteSpaceRegex.Replace(input, newValue);
|
||||
}
|
||||
}
|
||||
|
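Review bot: `ReplaceWhiteSpace` is a new public helper with no XML doc and no argument check, although the class uses `/// <summary>` comments on the member shown in the first hunk. `Regex.Replace` throws `ArgumentNullException` when `input` or `newValue` is null, and because the pattern is `\s+` each run of whitespace is replaced by a single `newValue`, not one per character; both are worth stating for callers. Suggested doc: `/// <summary>Replaces each run of whitespace in <paramref name="input"/> with <paramref name="newValue"/>; neither argument may be null.</summary>`, plus `ArgumentNullException.ThrowIfNull(input);` as the first statement if the project targets .NET 6 or later.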
@ -438,4 +438,15 @@ public class CoreHelpersTests
|
||||
{
|
||||
Assert.Null(CoreHelpers.GetEmailDomain(wrongEmail));
|
||||
}
|
||||
|
||||
[Theory]
|
||||
[InlineData("hello world")]
|
||||
[InlineData(" hello world ")]
|
||||
[InlineData("hello\tworld")]
|
||||
[InlineData("hello\r\nworld")]
|
||||
[InlineData("hello\nworld")]
|
||||
public void ReplaceWhiteSpace_Success(string email)
|
||||
{
|
||||
Assert.Equal("helloworld", CoreHelpers.ReplaceWhiteSpace(email, string.Empty));
|
||||
}
|
||||
}
|
||||
|
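Review bot: The theory parameter in `ReplaceWhiteSpace_Success` is named `email`, which looks copied from the neighbouring `GetEmailDomain` test and is misleading for a whitespace helper; `string input` would read better. All five cases pass `string.Empty` as the replacement and all contain whitespace, so the non-empty `newValue` path and the no-whitespace pass-through are untested. Since the helper is applied to a return URL, a case with a non-ASCII whitespace character such as `[InlineData("hello\u00A0world")]` would also pin down what `\s` is expected to cover.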